Upload
frank-jones
View
217
Download
1
Embed Size (px)
Citation preview
What to do “After” your IT guy gets hit by a truck!
April 1, 2005
22
Step 1 - Send flowers
Step 2 - Invoke the detailed plan that you already had in place to ensure continuance after just such an occurrence
Step 3 - Business as usual
33
Or….., if you DIDN’T have a Disaster Recovery plan in place…
Start the arduous task of putting a puzzle back together with many of the pieces missing
…and accept the fact that you’re going to lose time, money, reputation and clients.
44
Agenda for today…Agenda for today…
FACTS about lack of Disaster Recovery Planning Understanding the impact to your business TYPES of Disaster
STEPS to protect our business
Questions
55
FACTS about lack of FACTS about lack of DR Planning:DR Planning:
After the incident of the World Trade Center, 40% of the companies without disaster recovery capability were out of business within 6 weeks [Forbes Magazine]
In fact, 40% of enterprises that experience any disaster go out of business within five years. [Gartner]
Enterprises can improve those odds – but only if they take the necessary measures before and after the disaster.
66
FACTS about lack of FACTS about lack of DR Planning:DR Planning:
File corruption and data loss are becoming much more common
It costs the average company between $100,000 and $1,000,000 per year for desktop oriented disasters (both hard and soft costs)
7th Annual ICSA Lab's Virus Prevalence Survey, March 2002
What is What is Disaster Recovery? Disaster Recovery?
• Disaster recovery is a series of actions to be taken in the event of major unplanned outages to minimize their adverse effects.
– Power failure– Underground cable cuts or failures– Fire, flood, earthquake, and other natural disasters– Mistakes in system administration– Sabotage (intentional, virus, hacking, internal/external)– Loss of employee
88
When talking about When talking about Disaster Recovery…Disaster Recovery…
• We typically think of:
How to backup and restore data to computer systems How to restore network connections How to replace computers and where to put them Where employees can work if the building is damaged
99
A plan to restore all of these components must be in place.
The system must be able to put them back together if your business is to survive a disaster.
The efficiency with which this is done may make the
difference in surviving or not!
Disaster RecoveryDisaster Recovery Planning Planning
1010
Do you know your COST for downtime?
Potential pitfall - Disaster Recovery focusing only on the technical components.
Consider the impact of the following:
– Lost productivity and idle employees– Missed service level agreements– Diminished reputation for customer service– Increased technical support costs for onsite repair– Loss of customer confidence– Legal liabilities– Regulatory fines– Downward stock prices– … and more
1111
Business Business Continuance PlanningContinuance Planning
Instead of Computer Disaster Recovery, think in terms of
Business Continuance Planning!
BCP is more comprehensive. It addresses:
Risk of lost revenue and productivity
Plan of action for continuing the business, NOT computers
1212
Business Business Continuance PlanningContinuance Planning
Example of items that typical planning might leave out:
Business processes and procedures
Roles and responsibilities
What happens at the absence of key individuals
Sources and consumers of data
Recovery time-frame requirements
Order of recovery
Documented procedures
Reconstitution
Business Processes and Procedures are:
Rarely documented
Typically defined only in the combined knowledge of key employees (This is true of the “big picture” as well as for the details of each departmental process)
One of the most difficult things to put back the if key employees are not available
Business Business Processes and ProceduresProcesses and Procedures
1414
Business Business Roles and ResponsibilitiesRoles and Responsibilities
Critical time is lost without pre-defined roles and responsibilities for:
Making the decision to invoke the plan
The second in charge
Being responsible for each element of the plan
Exception handling
Decisions of priorities
Signature authority
1515
Business Business Key IndividualsKey Individuals
Absence of key individuals
A more difficult thing to consider
Mental notes
Revenge (sabotage or withholding of information)
1616
Business Business Data FlowData Flow
Sources and Consumers of Information
Detailed data flow
Detailed process flow
Updated documentation
1717
Business Business Recovery Time FramesRecovery Time Frames
Recovery Time-frames and Order
Set expectations up-front
Help to design budgets
Assign priorities for recovery
1818
Business Business DocumentationDocumentation
Documentation
Create documentation so that a contractor can restart your business
Create policies and procedures for updating
1919
Business Business ReconstitutionReconstitution
Reconstitution
When is disaster over?
How to go back to business as usual?
What steps need to be taken?
2020
Business Business Continuance PlanningContinuance Planning
We’ve talked about things that are commonly left out...
Now the things that typical planning “almost always” leaves out
• Mental notes• Periodic testing• Updating procedures and plan content• Moving DR Planning to the DR Site• Details, Details, Details!
2121
Business Business Mental NotesMental Notes
Mental Notes
“Steve knows how to do that” But what if Steve isn’t here?
Most common obstruction
Can involve relationships, passwords, technical understanding, history, contractual obligations…
Documentation will never be perfect
2222
Business Business Testing and DocumentationTesting and Documentation
Testing and Updating
32% of all data lost is due to human error
We’re all busy, so why take the time to work on something that we can put off and we probably won’t use anyway?“I’ll have time to do it tomorrow” “It’s someone else’s responsibility”
We’ve seen too many people that have lost data that they “wish they would have taken the time” to safeguard!
2323
Business Business ContinuanceContinuance
Moving Planning to the DR Site
The same disciplines must be put into practice at the DR site.
2424
A method is needed that will:
Bring knowledge together
Document it
Enable processes to be reconstructed (possibly without the help of key employees)
Enforce periodic testing and updating of the plan
Business Business Continuance PlanningContinuance Planning
Business Business Continuance Planning SummaryContinuance Planning Summary
Continuance Planning defines and documents
Departmental processes Sources of data Consumers of data Relationships Cost ramifications Budget justifications Recovery criteria Solution design Documentation Assistance with testing and updating
2626
Planning is approached in phases
Process Analysis• Data flows
Risk Analysis• Costs/Effects
Disaster Recovery Planning• Traditional technical component
Implementation and Testing• Annual or after significant changes
Business Business Continuance Planning SummaryContinuance Planning Summary
2727
Continuance Planning can be implemented:
Departmentally
In phases
As a single phase
To practical extents
Business Business Continuance Planning SummaryContinuance Planning Summary
Rob Didlake
913-780-2525
Mary Linse
913-971-6863
Thank You!
Questions?